﻿using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;

//namespace BooksManage
//{
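    /// <summary>
    /// Code-behind for the login page. Checks the submitted user name and
    /// password against the [User] table and, on success, records the
    /// identity in session state and redirects.
    /// </summary>
    public partial class Login : System.Web.UI.Page
    {
        /// <summary>
        /// Page load handler; intentionally does nothing.
        /// </summary>
        protected void Page_Load(object sender, EventArgs e)
        {
        }

        /// <summary>
        /// Handles the login button: looks the submitted credentials up in the
        /// [User] table and either redirects (success) or writes an error
        /// message to the response (failure).
        /// </summary>
        /// <param name="sender">The control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void Button1_Click(object sender, EventArgs e)
        {
            string typedName = TextBoxName.Text.Trim();
            string typedPassword = TextBoxPassword.Text.Trim();

            // Drop any identity left over from an earlier attempt. The session
            // is only populated again after the credentials have been verified,
            // so a failed login can never leave an unverified user name behind
            // for other pages to trust.
            Session.Remove("username");
            Session.Remove("password");

            // Role-specific lookups (RadioButtonList1) are currently disabled;
            // every account is checked with the same parameterized query.
            // NOTE(review): the typed password is compared directly with the
            // [Password] column, so the table appears to hold unhashed
            // passwords. Moving to a salted password hash (e.g. PBKDF2) needs a
            // schema change outside this handler.
            string selectStr = "Select * from [User] where [Username]=@Username and [Password]=@Password";

            bool userFound;
            bool passwordMatches = false;

            // using blocks guarantee the connection, command and reader are
            // released even when opening the connection or the query throws.
            using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString))
            using (SqlCommand cmd = new SqlCommand(selectStr, conn))
            {
                cmd.CommandType = CommandType.Text;

                // NOTE(review): both parameters are declared Char(10); ADO.NET
                // truncates longer values to the declared size, so an over-long
                // user name is matched on its first 10 characters. Confirm this
                // matches the column definitions.
                SqlParameter nameParam = new SqlParameter("@Username", SqlDbType.Char, 10);
                nameParam.Value = typedName;
                SqlParameter passwordParam = new SqlParameter("@Password", SqlDbType.Char, 10);
                passwordParam.Value = typedPassword;

                cmd.Parameters.Add(nameParam);
                cmd.Parameters.Add(passwordParam);

                conn.Open();
                using (SqlDataReader sdr = cmd.ExecuteReader())
                {
                    userFound = sdr.Read();
                    if (userFound)
                    {
                        // Read the password by column name instead of by
                        // position: with "Select *" the ordinal depends on the
                        // table layout. The exact ordinal comparison re-checks
                        // what the SQL match (collation, truncation) accepted.
                        string storedPassword = sdr.GetString(sdr.GetOrdinal("Password")).Trim();
                        passwordMatches = string.Equals(storedPassword, typedPassword, StringComparison.Ordinal);
                    }
                }
            }

            if (!userFound)
            {
                // No matching row: user does not exist or the name was mistyped.
                Response.Write("该用户不存在或用户名输入错误，请检查后重新输入！");
                return;
            }

            if (!passwordMatches)
            {
                // Row found but the exact password comparison failed.
                Response.Write("您输入的密码错误，请检查后重新输入！");
                return;
            }

            // Credentials verified: only now record the identity in the session.
            Session["username"] = typedName;
            // NOTE(review): the plaintext password is still stored in session
            // state because other pages may read it; remove this line once that
            // is confirmed unnecessary.
            Session["password"] = typedPassword;

            // NOTE(review): the success redirect points at login.aspx; confirm
            // this is the intended landing page.
            Response.Redirect("login.aspx");
        }

        /// <summary>
        /// Handles the return button. Currently a no-op; a redirect to
        /// Menu.aspx was previously used here and is disabled.
        /// </summary>
        protected void ButtonReturn_Click(object sender, EventArgs e)
        {
            // Return to another page (disabled).
            //Response.Redirect("Menu.aspx");
        }
    }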
//}
